Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Large-Scale Attempts to Attack WordPress Sites
Alerts

Large-Scale Attempts to Attack WordPress Sites

6 May 2020

Large-scale attempts to attack WordPress sites have been observed by Wordfence, a cybersecurity firm which runs a WordPress security plugin.

The attacks leverage Cross-Site Scripting (XSS) vulnerabilities in outdated WordPress plugins to implant JavaScript code. This code redirects users to malicious websites and further leverages logged-in administrators to create backdoor accounts without their knowledge.

Administrators and site owners using the affected products are advised to enable automatic updates or perform regular updates of WordPress and its plugins to protect against known vulnerabilities. Administrators and site owners are also advised to deactivate and delete any plugins that have been removed from the WordPress plugin repository.

More information is available at:

https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/

https://www.zdnet.com/article/a-hacker-group-tried-to-hijack-900000-wordpress-sites-over-the-last-week/

Back to top